
The IDPS must generate notification messages containing information necessary for corrective actions for errors encountered; however, these messages must not contain organizationally defined sensitive or potentially harmful information.


Overview

Finding ID: SRG-NET-000273-IDPS-000217
Version: SRG-NET-000273-IDPS-000217
Rule ID: SRG-NET-000273-IDPS-000217_rule
IA Controls: (none listed)
Severity: Medium
Description
The extent to which the IDPS is able to identify and handle error conditions is guided by organizational policy and operational requirements. However, it is imperative that the IDPS does not reveal information captured in the log data that could risk the compromise of the device or the network. Hence, the structure and content of error message notifications sent to system administrators or users must be carefully considered. These notifications may be sent to system administrators or users, depending on the type of message. This requirement includes device or application error conditions as well as sensor log alerts.
STIG Date
IDPS Security Requirements Guide (SRG) 2012-03-08

Details

Check Text (C-43380_chk)
Review the error messages sent by the system. These messages may be part of the signatures or rules, or may be in a message repository, depending on the product used.
Verify the system notifications for error messages or sensor alerts do not contain sensitive or potentially harmful information, as defined by the organization.

If sensitive or potentially harmful information, as defined by the organization, is included as part of the notification messages for error conditions or sensor alerts, this is a finding.
Fix Text (F-43380_fix)
Remove sensitive or potentially harmful information, as defined by the organization, from the notification messages for error conditions or sensor alerts.